Update get-modified-image.sh, .gitlab-ci.yml files

.gitlab-ci.yml

+image: docker:stable
+services:
+- docker:dind
+ 
+stages:
+    - build
+    - static_tests
+    - dynamic_tests
+
+build:
+    stage: build
+    before_script:
+        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
+        - apk update
+        - apk add git
+        - chmod +x get-modified-image.sh
+        - export MODIFIED_IMAGE_FULL=$(./get-modified-image.sh)
+        - export MODIFIED_IMAGE=$(echo $MODIFIED_IMAGE_FULL | cut -d ':' -f1)
+        - echo -e "Building container $MODIFIED_IMAGE"
+    script:
+        - docker build -f $MODIFIED_IMAGE/Dockerfile $MODIFIED_IMAGE -t $REGISTRY/ci-builds/$CI_COMMIT_SHA
+        - docker push $REGISTRY/ci-builds/$CI_COMMIT_SHA
+    after_script:
+        - docker logout $REGISTRY        
+    tags: [build]
+    only:
+        changes:
+            - pica-etherpad/*
+
+clair:
+    stage: static_tests
+    before_script:
+        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
+        - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
+        - apk update
+        - apk add git    
+        - chmod +x get-modified-image.sh 
+        - export MODIFIED_IMAGE_FULL=$(./get-modified-image.sh)
+        - export MODIFIED_IMAGE=$(echo $MODIFIED_IMAGE_FULL | cut -d ':' -f1)
+        - echo -e "Performing static analysis for container $MODIFIED_IMAGE"    
+    script:
+        - docker run -d --name db arminc/clair-db:latest
+        - docker run -p 6060:6060 -d --link db:postgres --name clair --restart on-failure arminc/clair-local-scan:v2.0.6
+        - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+        - mv clair-scanner_linux_amd64 clair-scanner
+        - chmod +x clair-scanner
+        - echo "Waiting for Clair daemon to start"
+        - while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done 
+        - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r clair-report.json -l clair.log -w $MODIFIED_IMAGE/clair-whitelist.yml --threshold="High" $REGISTRY/ci-builds/$CI_COMMIT_SHA 
+    artifacts:
+        paths:
+            - clair-report.json
+            - clair.log
+    after_script:
+        - docker logout $REGISTRY 
+    tags: [build]
+    only:
+        changes:
+            - pica-etherpad/*
+    allow_failure: false
+
+docker-bench-security:
+    stage: dynamic_tests
+    before_script:
+        - apk update
+        - apk add wget py-pip git iproute2
+        - pip install docker-compose
+        - chmod +x get-modified-image.sh 
+        - export MODIFIED_IMAGE_FULL=$(./get-modified-image.sh)
+        - export MODIFIED_IMAGE=$(echo $MODIFIED_IMAGE_FULL | cut -d ':' -f1)
+        - sed -i -e "s/$MODIFIED_IMAGE_FULL/$REGISTRY\/ci-builds\/$CI_COMMIT_SHA:latest/g" pica-etherpad/docker-compose.yml 
+        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
+        - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
+    script:
+        - if [[ -d $MODIFIED_IMAGE/secrets ]]; then for i in $MODIFIED_IMAGE/secrets/* ; do cp $i $(echo $i| cut -d '.' -f1,2); done; fi;
+        - cd $MODIFIED_IMAGE
+        - docker-compose up -d
+        - git clone https://github.com/docker/docker-bench-security.git
+        - cd docker-bench-security
+        - sh docker-bench-security.sh -c container_images,container_runtime,docker_security_operations -e check_5_12,check_4_1 -l ../../report.txt
+    artifacts:
+        paths:
+            - report.txt
+    after_script:
+        - docker logout $REGISTRY 
+    tags: [build]
+    only:
+        changes:
+            - pica-etherpad/*
+    allow_failure: true
+

get-modified-image.sh

@@ -9,4 +9,5 @@ for i in $(git diff-tree --no-commit-id --name-only $CI_COMMIT_SHA); do
 		RES=$i
 	fi
 done
-echo $RES
+RES=$(cat $RES/docker-compose.yml | grep image: | head -n1 | cut -d ':' -f2-)
+echo $RES
\ No newline at end of file